TIDYELF
Description
(FireEye) TIDYELF is a dropper for the WINTERLOVE backdoor. WINTERLOVE has been observed embedded within a resource within TIDYELF. TIDYELF will load the main WINTERLOVE component by injecting it into the iexplore.exe process. It will then create a registry key named HKLM\SOFTWARE\RAT to store configuration data for WINTERLOVE components to use.
Names
Name |
---|
TIDYELF |
Category
Malware
Type
- Dropper
Other Information
Uuid
9a6d78d8-957d-4bfb-a6a2-2b8998b00b19
Last Card Change
2020-04-20